A prerequisite for real-world deployment of vehicle-to-vehicle (V2V) communications applications is a security system that can support critical functions such as message authentication and driver privacy. The foundation for enabling these security functions is a vehicular public-key infrastructure (also referred to as certificate management system) to create, authorize, assign, and manage the security keys and their digital certificates used by vehicles throughout their lifecycles. Conventional certificate management systems rely on Certificate Authorities (CAs), which are servers typically connected to terrestrial infrastructure networks, to create and issue certificates, detect and revoke misused certificates, distribute certificate revocation lists to notify users of the revoked certificates, and replace expired and revoked certificates. This means that vehicles using such conventional certificate management methods have to rely on infrastructure network connectivity to communicate with CAs for their certificate management needs.
Prior-art PKI solutions for vehicle communications require vehicles to communicate frequently with infrastructure-based Certificate Authorities using two-way communications. This will require the deployment of large-scale new roadside radio networks or equipping a high percentage of vehicles with existing long-rang two-way communications capabilities (e.g., cellular), which can be highly costly and can take a long time to achieve.
Digital certificates and the Public Key Infrastructure (PKI), which is today's most prevailing certificate management system, provide a foundation for securing vehicle communications. However, using a conventional certificate management system requires vehicles to have frequent infrastructure network connectivity to communicate with Certificate Authorities (CAs) to:                Obtain initial security keys and their certificates.        Obtain replacement keys and certificates for expired and revoked certificates.        Send information to the CAs (or separate malicious behavior detection servers), which can be used by the CAs to detect security attacks.        Obtain Certificate Revocation Lists (CRLs) from the CAs.        
Here, infrastructure networks refer to any roadside short-range radio networks (e.g., DSRC) or cellular networks, which vehicles can use to communicate with fixed servers. Providing frequent infrastructure network connectivity nationwide to all vehicles (e.g., by establishing roadside DSRC networks or using cellular networks) can be highly costly.